[00:00.250 --> 00:04.890]  Hello guys, welcome to the first ever virtual DEF CON event.
[00:05.010 --> 00:14.650]  This workshop, Introduction to Wi-Fi Security, is a part of Wireless Village, which is a part of DEF CON as you know.
[00:14.890 --> 00:19.490]  So in this workshop, we are going to talk about the basics of Wi-Fi security.
[00:19.810 --> 00:28.550]  We will talk about the schemes that Wi-Fi uses to keep your traffic, your identity secure while you are using the Wi-Fi.
[00:28.550 --> 00:31.830]  And we will also look at the ways to attack those.
[00:32.070 --> 00:38.050]  My name is Nishant and I will be conducting this workshop along with my colleague Jaswin.
[00:38.050 --> 00:40.890]  We both work for Pentester Academy.
[00:41.870 --> 00:46.450]  So before moving forward, a little bit background about us.
[00:46.450 --> 00:50.450]  I work as R&D Manager at Pentester Academy.
[00:50.450 --> 00:54.970]  We work on developing labs and training contents for our customers.
[00:54.970 --> 01:00.190]  When we are not doing that, we train around the world in different venues.
[01:00.490 --> 01:02.370]  We present our research.
[01:02.910 --> 01:07.810]  Jaswin also works at Pentester Academy. He is a researcher there.
[01:07.910 --> 01:16.390]  And apart from doing all the lab work and the routine work, he also helps me as a co-trainer in the trainings.
[01:16.390 --> 01:19.910]  And he also publishes his research.
[01:21.110 --> 01:26.890]  So here are some cool logos from some conferences that we have been to.
[01:28.090 --> 01:30.730]  This is the pentesteracademy.com.
[01:30.830 --> 01:36.390]  We have a lot of courses, on-demand video courses on here.
[01:36.390 --> 01:38.310]  You can go and take a look.
[01:38.590 --> 01:43.090]  Similarly, we have a browser-based lab which is completely in cloud.
[01:43.090 --> 01:44.910]  We call it Attack Defense.
[01:46.090 --> 01:50.530]  Everything in this lab can be used using your browser.
[01:50.530 --> 01:53.210]  You don't need any VPN. You don't need any plugin.
[01:54.110 --> 01:57.130]  We have customers from over 90 plus countries.
[01:57.310 --> 02:00.290]  And now coming to the workshop outline.
[02:00.630 --> 02:04.990]  So as discussed before, we will talk about the basics of Wi-Fi.
[02:04.990 --> 02:08.270]  And then we will talk about sniffing and recon.
[02:08.370 --> 02:13.270]  We'll talk about WEP, WPA2-PSK, and WPA2-Enterprise.
[02:13.270 --> 02:16.830]  What they are, how the authentication works in them,
[02:16.830 --> 02:19.530]  and how we can actually attack them.
[02:20.530 --> 02:24.270]  So first of all, you know, when you read about Wi-Fi,
[02:24.270 --> 02:28.710]  you will see that it is referred by the name or this number.
[02:28.710 --> 02:30.990]  That's 802.11.
[02:30.990 --> 02:36.850]  So 802 is the committee that deals with the network-related norms.
[02:36.950 --> 02:41.690]  And .11 is assigned to Wi-Fi or wireless LAN.
[02:43.350 --> 02:46.490]  So 802.11 is the standard.
[02:46.490 --> 02:51.250]  And then there are multiple amendments to the standard to support newer things.
[02:51.250 --> 02:57.250]  So for example, you have your 802.11 A, B, G, N.
[02:57.430 --> 03:00.450]  Similarly, you have I, W, and there's a list.
[03:00.450 --> 03:02.010]  There's a list of this.
[03:02.010 --> 03:06.410]  So all of these are amendments to the main standard.
[03:07.790 --> 03:12.350]  Wi-Fi Alliance is the organization that actually holds the right
[03:12.350 --> 03:15.650]  for this specific logo.
[03:15.650 --> 03:18.250]  The Wi-Fi trademarks actually belong to them.
[03:18.310 --> 03:23.110]  So if you are a vendor and if you want to use this logo on your product,
[03:23.110 --> 03:25.150]  you have to take approval from them.
[03:25.150 --> 03:28.010]  So you submit your product to them and then they go through it.
[03:28.010 --> 03:31.470]  They check if it complies with whatever standards they have.
[03:31.470 --> 03:33.830]  And then you're allowed to use this logo.
[03:36.650 --> 03:39.150]  So there are multiple amendments.
[03:39.150 --> 03:46.130]  But we are only going to talk about those which deal with the transmission of Wi-Fi,
[03:47.110 --> 03:51.510]  especially the bands and the bandwidth and all.
[03:51.630 --> 03:58.050]  So in that, you have A, B, G, N, and AC, which is the latest one.
[03:58.530 --> 04:02.870]  So 802.11 A, it uses OFDM.
[04:02.870 --> 04:07.170]  So all of this, because it's a basic class, we don't have that amount of time.
[04:07.170 --> 04:12.010]  But just to give you an overview, there's a reason why these slides are here,
[04:12.010 --> 04:14.990]  so that you can go back later and, you know,
[04:14.990 --> 04:18.810]  if you are interested in this specific part, you can dig deeper into it.
[04:18.850 --> 04:22.550]  So 11A is the first one. It was the basic one.
[04:22.550 --> 04:24.550]  It used to use 5 GHz.
[04:24.650 --> 04:30.390]  And at that time, OFDM was the way to propagate the wave of the data in this case.
[04:30.650 --> 04:32.890]  And then the 11B came.
[04:32.890 --> 04:36.430]  It used to work on a different way of modulation.
[04:36.430 --> 04:39.250]  And 2.4 GHz was used for it.
[04:39.250 --> 04:46.470]  Then came G. In G, they increased the data carrying capacity.
[04:46.650 --> 04:48.870]  After that came N.
[04:48.910 --> 04:53.210]  N actually allowed you to use two or more channels together.
[04:53.210 --> 04:59.350]  So it's, you know, so what the idea here is to increase the throughput.
[04:59.430 --> 05:03.310]  So, you know, from A, B, G, N, what we are trying to do,
[05:03.310 --> 05:08.390]  we are trying to transmit more data using Wi-Fi, right?
[05:08.390 --> 05:11.370]  Because, you know, it's not like the older times now.
[05:11.850 --> 05:17.070]  If you talk about 10, 15 years back, you didn't have those kinds of requirements
[05:17.070 --> 05:19.990]  as well as that kind of equipment at your home.
[05:20.090 --> 05:23.990]  So, for example, you didn't have 4K TV, right?
[05:23.990 --> 05:27.470]  But now when you have 4K TV, which connects to your Internet
[05:27.470 --> 05:32.430]  and you want to stream a movie or something, you need higher bandwidth, right?
[05:32.430 --> 05:35.930]  So that's where all of these standards actually came in.
[05:35.930 --> 05:40.170]  So, you know, 11 AC is the latest one, which is, you know,
[05:40.170 --> 05:45.090]  being adopted by the market for the past few years now.
[05:45.090 --> 05:50.490]  So it can actually give you up to 1.3 Gbps of data transmission
[05:50.490 --> 05:52.670]  using your home Wi-Fi.
[05:52.950 --> 05:57.150]  And if you talk about enterprise Wi-Fi, then the limit will increase.
[05:57.150 --> 06:00.330]  So these standards will make sure that, you know,
[06:00.330 --> 06:04.150]  it can accommodate your needs with the time.
[06:05.410 --> 06:08.490]  So this is the 2.4 GHz channel.
[06:08.490 --> 06:16.050]  So Wi-Fi, if we talk about the main Wi-Fi, not the newer ones like 11 AD or something,
[06:16.050 --> 06:18.750]  it operates on two main channels.
[06:18.750 --> 06:24.010]  First one is the 2.4 GHz channel and the second one is the 5 GHz channel.
[06:24.010 --> 06:28.990]  So this is the layout for the channels on 2.4 GHz.
[06:29.170 --> 06:35.490]  So you can see that there are 14 channels and all of these cannot be used in all of geographies.
[06:35.490 --> 06:37.050]  You know, there are regulations.
[06:37.210 --> 06:42.350]  So according to them, you can use 14 channels in some of the geographies,
[06:42.350 --> 06:46.590]  some of the nations, and then you can use 12 or 13 in others.
[06:46.590 --> 06:51.510]  So you can refer to the regulatory information for this.
[06:51.510 --> 06:58.050]  Now, what you can observe here is these bands are very narrow and they overlap.
[06:58.150 --> 07:02.310]  And this causes a lot of problems because, you know, then you have interference
[07:02.310 --> 07:06.730]  and you have a lot of, you know, Wi-Fi networks operating
[07:06.730 --> 07:10.270]  and there are a lot of clients in the vicinity.
[07:10.270 --> 07:12.170]  It is going to cause problems.
[07:12.410 --> 07:15.950]  So that's where people then move to 5 GHz.
[07:15.950 --> 07:18.730]  So 5 GHz is more spread out.
[07:18.910 --> 07:21.190]  It has non-overlapping channels.
[07:21.510 --> 07:23.150]  So you can transmit more.
[07:23.150 --> 07:25.950]  So that was the idea behind it.
[07:26.310 --> 07:30.890]  Now, coming back to the sniffing and the connection part.
[07:30.890 --> 07:35.650]  Obviously, if you want to connect to a Wi-Fi, everyone is doing it now.
[07:35.650 --> 07:38.750]  So, you know, it's the part of daily routine now.
[07:38.750 --> 07:41.930]  So you have your access point in your home, at your office,
[07:41.930 --> 07:47.330]  and then you have a Wi-Fi card which you have connected to your desktop externally
[07:47.330 --> 07:52.510]  or, you know, you can have a laptop which automatically comes with it,
[07:52.510 --> 07:56.550]  your phones, all of these have internal Wi-Fi cards.
[07:56.590 --> 07:59.370]  So, you know, also they have antennas.
[07:59.490 --> 08:02.450]  So using that, your device connects to the access point
[08:02.450 --> 08:05.570]  and then you're able to exchange traffic with it, right?
[08:05.570 --> 08:07.810]  So that's the basic thing about it.
[08:07.950 --> 08:11.970]  Now, when in normal mode, these cards,
[08:11.970 --> 08:16.070]  they don't actually look at the traffic of other cards.
[08:16.070 --> 08:19.810]  So, you know, if you are sitting somewhere and there are multiple clients
[08:19.810 --> 08:25.530]  and multiple routers or access points, as you like to call them,
[08:25.530 --> 08:30.970]  if there are multiple of these pairs, they are transmitting data back and forth, right?
[08:30.970 --> 08:35.710]  So, but the card that your machine is using in normal operation,
[08:35.710 --> 08:40.870]  it will only consider or it will only show you the traffic that is, you know,
[08:40.870 --> 08:42.450]  that is for your machine.
[08:42.450 --> 08:47.070]  All the other, it, you know, it totally rejects that.
[08:47.070 --> 08:48.690]  It totally ignores that.
[08:49.030 --> 08:52.610]  So if you want to take a look at other people's traffic,
[08:52.610 --> 08:55.230]  it can't be done in the normal mode.
[08:55.230 --> 08:59.050]  So for that, you have something called as monitor mode.
[08:59.230 --> 09:04.170]  If you guys have done a sniffing of other people's machine on LAN,
[09:04.170 --> 09:06.910]  it's also known as promiscuous mode there.
[09:07.090 --> 09:11.930]  So monitor mode allows you to look at the traffic in the vicinity.
[09:12.450 --> 09:16.810]  You can do sniffing and then you can go for attacks and all of those things.
[09:17.470 --> 09:22.510]  So first of the things that you need is a Wi-Fi card,
[09:22.510 --> 09:27.690]  which allows you to sniff, which actually allows you to put it into monitor mode.
[09:27.930 --> 09:32.890]  So here are some of the cards which actually allow monitor mode.
[09:32.890 --> 09:37.870]  You can order one from Amazon or some other, you know, e-commerce market.
[09:38.510 --> 09:40.710]  So this was the old way of doing it.
[09:40.710 --> 09:42.430]  It was the conventional way of doing it.
[09:42.450 --> 09:45.730]  Now, suppose you're dealing with something advanced, right?
[09:46.390 --> 09:52.190]  You know, you're dealing with 11 AC points, which is transmitting data on a very high pace.
[09:52.190 --> 09:57.190]  At that point, what you can do is you can go for an off-the-shelf access point.
[09:57.290 --> 10:03.310]  You can write, you know, with your own firmware and then you can use it for sniffing.
[10:03.310 --> 10:08.990]  The reason for doing that is for high performance access points.
[10:08.990 --> 10:16.190]  Your cards will not be able to match the throughput or the capacity of those access points.
[10:16.230 --> 10:22.070]  So if you have an access point, you have a better chance to not miss the traffic that is being transmitted
[10:22.070 --> 10:25.190]  or received by that specific access point.
[10:26.370 --> 10:31.570]  Now, you know, because firmware is not something that, you know, that is like Windows software.
[10:31.570 --> 10:35.250]  It's not like you download it and you click run and it runs and installs.
[10:35.250 --> 10:38.970]  It's not like that. And that's where a lot of people face problems.
[10:38.990 --> 10:43.650]  So when you buy a router, you know, off-the-shelf routers from the market,
[10:43.650 --> 10:49.210]  and you want to transform it into a sniffer, you can use something like OpenWRT.
[10:49.210 --> 10:54.550]  So OpenWRT is a Linux based project for these embedded devices,
[10:54.550 --> 11:00.270]  which actually allow you to customize and, you know, customize your routers and access points.
[11:00.270 --> 11:03.630]  You can use it in access point mode. You can make it something else.
[11:03.630 --> 11:08.170]  You can make it a hacking gadget. So all of that, it actually allows you.
[11:08.170 --> 11:14.250]  It has support for most of the hacking and recon tools, especially for Wi-Fi and all.
[11:14.370 --> 11:18.370]  So you can use it if you want to go for the higher throughput ones.
[11:18.810 --> 11:24.050]  So now let's talk about some basic terminology that will help us, you know,
[11:24.050 --> 11:27.830]  in the workshop or the later parts of the workshop.
[11:28.070 --> 11:34.190]  So first, station or STA in short is nothing but a wireless client.
[11:34.190 --> 11:37.010]  It can be your mobile. It can be your laptop.
[11:37.170 --> 11:41.050]  It can be a desktop, you know, with a Wi-Fi card on it.
[11:41.370 --> 11:46.110]  Then comes BSS. BSS stands for Basic Service Set.
[11:46.790 --> 11:53.630]  So BSS, when you will hear about it, it is to refer a set of access point and a client.
[11:53.750 --> 11:57.610]  If you know they are operating in that or it can be ad hoc clients,
[11:57.610 --> 12:00.630]  which, you know, do not need access point to connect.
[12:01.490 --> 12:05.770]  ESS is a set which contains multiple BSS.
[12:06.210 --> 12:13.730]  And similarly, then ESSID or SSID is the name which we use to identify that ESS.
[12:13.950 --> 12:18.330]  So suppose you have a Wi-Fi network, you put some name on it, right?
[12:18.510 --> 12:22.630]  Home Wi-Fi or something. So that is SSID, right?
[12:22.630 --> 12:26.250]  It's important to remember. That's why, you know, I'm explaining it again.
[12:26.570 --> 12:30.370]  SSID is the name of the Wi-Fi network that you are using.
[12:31.030 --> 12:39.470]  And now BSSID refers to the MAC address of the access point that is giving you the Wi-Fi, right?
[12:39.630 --> 12:46.750]  So BSSID will be the MAC address and you will be able to see it when you connect with that Wi-Fi.
[12:46.750 --> 12:49.570]  Not in your Windows machine, you know, directly.
[12:49.630 --> 12:53.930]  You have to do some dig through or you have to look at the packets to see it.
[12:54.470 --> 12:56.670]  Then comes the distribution system.
[12:56.670 --> 13:04.890]  So generally distribution system refers to the network which connects access point with the larger network.
[13:06.250 --> 13:09.490]  So again, some examples of BSS.
[13:09.490 --> 13:14.470]  You can see that in the first picture here, you have a BSSID.
[13:15.110 --> 13:18.410]  You know, this AP, you have this access point.
[13:18.410 --> 13:23.790]  And then there are two nodes which will be connected to this.
[13:23.790 --> 13:28.750]  Similarly, in ad-hoc configuration, you can see that there is no access point.
[13:28.750 --> 13:33.910]  But, you know, these machines are connecting with each other.
[13:36.870 --> 13:41.270]  ESS is... it consists of DS, which is connecting to access points.
[13:41.270 --> 13:45.190]  And then it consists of two BSS also.
[13:45.450 --> 13:48.510]  Two or more actually. Two in this figure.
[13:49.370 --> 13:51.670]  Now coming to WDS.
[13:51.670 --> 13:54.390]  WDS is a wireless distribution system, right?
[13:54.390 --> 14:01.050]  So suppose you want to deploy an access point in such a location where you don't have a wire, right?
[14:01.050 --> 14:03.490]  You don't have an Ethernet connectivity there.
[14:03.490 --> 14:11.170]  So what you can do is you can use an access point which has wired connectivity to extend the network.
[14:11.390 --> 14:18.670]  And this bridge or this link between these two access points is known as WDS link.
[14:18.670 --> 14:20.330]  And then you can cover more ground.
[14:20.330 --> 14:26.650]  So it's also known as mesh networking in Wi-Fi, if you read about it.
[14:27.990 --> 14:33.510]  So now there are three main types of packets in Wi-Fi.
[14:33.510 --> 14:36.250]  First is the management packet.
[14:36.310 --> 14:46.390]  Management packets are used to connect, to disconnect, or to manage the devices, if you want to say, on board.
[14:46.390 --> 14:53.830]  Similarly, control packets are something which deal with the transmission control and other things.
[14:53.890 --> 14:58.550]  But that is not something that we are going to look into a lot.
[14:58.650 --> 15:06.190]  And the third one, data, as the name suggests, these are the packets which will actually carry the real data.
[15:07.070 --> 15:10.030]  And then you have different subtypes in these.
[15:10.030 --> 15:14.310]  You can read about these. This table is available on the Internet.
[15:14.310 --> 15:17.570]  You can see that there are multiple management packets.
[15:17.570 --> 15:22.210]  You have association request, association response.
[15:22.470 --> 15:26.370]  And similarly, you have beacons and probes and whatnot.
[15:29.210 --> 15:40.970]  So to summarize the Wi-Fi environment, you have an access point, which is currently operating a Wi-Fi network, which will be identified by its SSID.
[15:40.970 --> 15:42.670]  That's the Wi-Fi network name.
[15:42.670 --> 15:48.930]  And then the BSSID will be there because the MAC address needs to be there on the access point.
[15:49.510 --> 15:53.470]  And this SSID will then send the beacons out.
[15:53.470 --> 16:05.290]  So beacons are the packets which your access point uses to advertise that, hey, I'm using or, you know, I'm providing you the specific Wi-Fi that you can use.
[16:06.170 --> 16:14.890]  If a client has already connected to this Wi-Fi, instead of waiting for a beacon frame, it can also do probing.
[16:14.890 --> 16:25.490]  So by probing, it sends a probe message looking for that specific network, which it already connected to once or multiple times in the past.
[16:25.490 --> 16:37.710]  So once your client discovers the Wi-Fi network, then it goes ahead, it exchanges some packets with the access point, and then it connects with the access point.
[16:37.710 --> 16:42.970]  And, you know, after that, you can transmit data, you can access Internet and other things.
[16:44.470 --> 16:49.510]  So now, because, you know, it was not the wired thing, it's wireless, right?
[16:49.510 --> 16:58.290]  Your packets are open, anyone with the monitor mode interfaces can capture it and then, you know, can look into what you are doing if it is not encrypted.
[16:58.290 --> 17:09.850]  So that's the reason why we needed Wi-Fi encryption standards, so that we can protect our data from being sniffed by other people, right?
[17:10.250 --> 17:20.870]  At your home, it might not matter. But, you know, especially if you are at a coffee shop, if you are at your office, if you're at an airport, all of this matters, right?
[17:21.810 --> 17:28.870]  So here are some of the standards that we are going to talk about. We are going to talk about WEP. That was the oldest standard.
[17:29.610 --> 17:41.270]  I hope that no one is using it now, but still, you know, you will find it somewhere in a CTF or in someone's home who is not very tech-savvy or, you know, old.
[17:41.970 --> 17:54.470]  WPA, WPA2 are the ones that are currently used. These can be used in two different configurations. One is the PSK or pre-shared key.
[17:54.470 --> 18:04.810]  It's also known as WPA or WPA2 personal, because it is meant to be personal use. And then there's enterprise one, which is meant for enterprise use.
[18:04.970 --> 18:18.930]  WPA3 is the latest standard. It is something that you will see in mainstream, you know, within a year or maybe this year. In some places, you might have already been started seeing this.
[18:20.170 --> 18:33.250]  So now to do the recon and the cracking for WEP and WPA-PSK, we are going to use the aircrack-ng suite of tools.
[18:33.250 --> 18:50.010]  So it's a set of tools which allows you to do different things. So airodump-ng and airmon-ng will allow you to capture the traffic, you know, to monitor the waves, to see the devices, access points that are in the vicinity.
[18:50.590 --> 18:59.430]  airbase-ng and aireplay-ng allow you to create a honeypot, to send deauthentication messages, to replay the messages.
[18:59.430 --> 19:10.150]  And similarly, if you want to crack the key or the passphrase for WEP or WPA-PSK, you use aircrack-ng.
[19:10.270 --> 19:18.730]  So you can know more about these by searching about these on Google. This tool is used a lot. So you'll find multiple videos on it.
[19:19.670 --> 19:26.730]  So now we'll talk about how to do basic recon with airmon-ng and airodump-ng.
[19:28.710 --> 19:36.410]  So now it's the demo time. And for that, we will shift to our demo setup.
[19:37.150 --> 19:54.130]  So this is the portal that we are going to use to learn about these attacks. The URL is blurred. As of now, don't worry about it. We'll post the link to it in the YouTube description part.
[19:54.850 --> 20:03.150]  So if you go down, you'll see that we have a course here which says Wi-Fi Basics Workshop.
[20:03.150 --> 20:15.670]  You press start on it. It will show you four different scenarios. First is the Wi-Fi basics and then you have attacking WEP, you have attacking WPA2 Enterprise and PSK.
[20:16.070 --> 20:20.150]  So we are going to start the Wi-Fi basics one.
[20:20.690 --> 20:29.310]  So we chose this interface because, you know, as you can automatically see, you have commands on this side, you have lab on this side.
[20:29.310 --> 20:35.170]  So it will help you to learn because, you know, you are the beginner people. So it really helps if you have guidelines ready.
[20:35.170 --> 20:43.270]  Instead of searching on it on a blog and then coming back and then pasting and making mistakes and going back. Right. That actually wastes a lot of time.
[20:43.930 --> 20:51.730]  So what we will do now, we will select a server from here. In your case, you might only see one option.
[20:52.930 --> 21:05.440]  Solve this reCAPTCHA. And then you start the lab.
[21:06.460 --> 21:10.820]  It will take some time in starting the lab, so please be patient.
[21:12.760 --> 21:21.600]  So the lab is ready now. What we have to do is on the left hand panel, we will read about the steps.
[21:21.920 --> 21:26.440]  So first is check Wi-Fi interfaces present on this system.
[21:26.540 --> 21:31.300]  And then to fire this, we will use this button.
[21:31.740 --> 21:39.300]  Oh, please use Firefox for this exercise. It might face some issues on Chrome and others.
[21:39.300 --> 21:49.180]  So if you click this, the command will execute and you will see that we have a wlan0 interface, which is in managed mode.
[21:49.180 --> 21:54.300]  So as we discussed before, managed mode is good for normal operation.
[21:54.300 --> 22:01.160]  But if you want to do the recon and the sniffing and other things, this won't be enough.
[22:01.320 --> 22:08.100]  So you have to put it in monitor mode. And that's what we are doing in step two.
[22:08.100 --> 22:12.160]  So this is the command to put it in the monitor mode.
[22:12.160 --> 22:20.480]  As you can observe, iw dev wlan0, the name of the interface, and then set monitor none.
[22:20.480 --> 22:27.480]  So I'll press this. And it seems that the command has run.
[22:27.840 --> 22:32.900]  Now, let's again run this command to see if it is in monitor mode.
[22:33.600 --> 22:36.540]  Yes, it is. So we are ready now.
[22:36.540 --> 22:42.320]  So now what we will do, we will run airodump-ng on wlan0.
[22:42.400 --> 22:45.640]  And we will not define any other options for now.
[22:45.640 --> 22:52.200]  We will let it jump on all the channels of 2.4 GHz and find what it can.
[22:52.640 --> 23:03.260]  So press this. And as you can observe here, now it is looking for different ESSIDs or SSIDs.
[23:03.260 --> 23:08.420]  You can also see the corresponding BSSIDs, corresponding channels.
[23:08.520 --> 23:16.340]  And you can also see some of the stations, which means these are laptops or these can be phones.
[23:16.340 --> 23:20.460]  In this case, this is an emulated lab, so obviously these are none.
[23:20.460 --> 23:29.920]  But in a realistic scenario, you will see the phones, the laptops, other machines, sending probe requests, looking for the specific Wi-Fi.
[23:30.800 --> 23:37.860]  Right. So this is how you can check which devices are in the vicinity.
[23:38.340 --> 23:41.720]  So do a CTRL-C to stop it.
[23:41.760 --> 23:45.120]  And then let's move to the next screen here.
[23:45.880 --> 23:52.680]  Now suppose I am only interested in looking at traffic of channel 1.
[23:52.680 --> 23:56.000]  So in that case, I can fire this command.
[23:56.000 --> 24:02.200]  And here with the argument -c, I have defined the channel number.
[24:03.260 --> 24:07.360]  So what you will see here is this time this channel will not jump.
[24:07.540 --> 24:13.400]  And you will only see the traffic which is coming on this specific channel. Right.
[24:14.520 --> 24:21.180]  So this is how you use airodump-ng to do basic recon.
[24:21.700 --> 24:24.980]  And with this, our lab is done.
[24:26.000 --> 24:27.500]  We will stop the lab after this.
[24:27.900 --> 24:29.900]  And we will get back to the slides.
[24:33.250 --> 24:39.570]  So now I will pass it over to my colleague Jaswin who will go through the WEP part.
[24:40.070 --> 24:46.430]  And then I will meet you guys again when we will discuss WPA2-PSK and WPA2-Enterprise.
[24:46.850 --> 24:52.530]  Hello everyone. Next we will take a look at WEP, Wired Equivalent Privacy.
[24:52.530 --> 24:59.510]  When it comes to wired network, the physical proximity itself acts as a security mechanism.
[24:59.650 --> 25:08.370]  That is, we need to get into the building physically, find a port, plug in our device and sniff the traffic or perform an attack.
[25:08.450 --> 25:14.470]  Whereas in case of wireless networks, we have radio waves which are not bound by walls.
[25:14.530 --> 25:17.990]  Therefore, it is very easy to intercept the traffic.
[25:17.990 --> 25:24.010]  WEP was the original IEEE standard to add security to wireless networks.
[25:24.010 --> 25:29.190]  It provided security equivalent to that of wired networks and hence the name.
[25:29.990 --> 25:34.910]  WEP used RC4 stream cipher for generating the key stream.
[25:34.910 --> 25:42.370]  It supported a 40-bit shared key which is equivalent to 5 ASCII characters or 10 hexadecimal characters.
[25:42.370 --> 25:48.630]  And a 104-bit shared key which is equivalent to 13 ASCII characters or 26 hex characters.
[25:49.510 --> 26:02.050]  Now, if the same key is used to encrypt multiple plain text messages, what the attacker can do is analyze the ciphertext to generate the pattern and the attacker can ultimately find the key.
[26:02.370 --> 26:06.310]  To prevent this, an initialization vector is added to the key.
[26:06.310 --> 26:11.570]  In case of WEP, the initialization vector had length of 24 bits.
[26:11.570 --> 26:17.730]  Therefore, the encryption key had the length of 64-bit or 128-bit.
[26:18.230 --> 26:22.770]  WEP used CRC32 for generating the integrity check value.
[26:22.770 --> 26:25.430]  Now, let's take a look at the encryption process.
[26:25.590 --> 26:30.370]  So, here we have the initialization vector, key and the message.
[26:30.370 --> 26:37.690]  The initialization vector and key are passed to the key scheduling algorithm and the pseudo random number generator.
[26:37.690 --> 26:42.470]  It generates the key stream which will be used to encrypt the data.
[26:42.470 --> 26:44.850]  For the second part, we have the message.
[26:44.890 --> 26:54.390]  The integrity check value is generated of the message and is concatenated with the message and then it is encrypted.
[26:54.450 --> 27:02.690]  The integrity check value is generated so that after decryption, we can verify that the message has not been tampered with.
[27:02.690 --> 27:11.830]  So, finally, the message and the ICV is XORed with the key stream to generate the ciphertext.
[27:11.830 --> 27:18.670]  In the end, the packet has initialization vector, 2-bit key ID, ciphertext and ICV.
[27:18.670 --> 27:21.510]  Now, let's take a look at the decryption process.
[27:22.070 --> 27:28.590]  In the decryption process, we have initialization vector, 2-bit key ID, ciphertext and ICV.
[27:28.590 --> 27:36.770]  We'll get the key from the key ID and we'll feed it to the key scheduling algorithm along with the initialization vector.
[27:36.870 --> 27:43.860]  This is further passed to the pseudo random number generator and the key stream is generated which will be used to decrypt the ciphertext.
[27:44.290 --> 27:51.610]  The ciphertext is XORed with the key stream to generate the message and the ICV.
[27:51.610 --> 27:59.730]  Now, the ICVs are compared and if both of them match, the packet is considered. Otherwise, it is discarded.
[28:00.310 --> 28:04.270]  Now, the next question arises, what was the weakness of WEP?
[28:04.370 --> 28:12.570]  The major weakness in WEP was the length of the initialization vector. 24-bit was not enough.
[28:12.790 --> 28:18.290]  And as a result, when we have a large number of packets, the IV will get repeated.
[28:18.290 --> 28:27.610]  And once the attacker has all of these ciphertexts with repeated IVs, the attacker can easily find out the shared key.
[28:27.610 --> 28:35.190]  Now, the attacker has two options. One is to wait and sniff all the traffic till we get enough number of IVs.
[28:35.190 --> 28:45.730]  Or the attacker can inject a packet to force the access point to send more packets and therefore the attacker will get more number of IVs.
[28:45.730 --> 28:52.030]  And this way, the second option sped up the process and made it possible to crack any WEP key.
[28:53.710 --> 29:06.410]  Now, to crack a 64-bit WEP key, usually 250,000 IVs are required. And to crack a 128-bit WEP key, 1.5 million IVs are required.
[29:06.410 --> 29:14.090]  But with a technique such as PTW, it is possible to crack WEP keys with a very small number of IVs.
[29:14.090 --> 29:25.850]  So, to crack WEP keys, there are many methods. A few of the methods are fake authentication, Caffe Latte attack, chop-chop attack, fragmentation attack, and PTW attack.
[29:26.770 --> 29:34.790]  Now, in order to crack the WEP key, we will start by sniffing the traffic, identifying the SSID, BSSID, and the channel number.
[29:35.150 --> 29:42.350]  Now, in order to send packets to the access point, the MAC address of the attacker has to be authenticated with the access point.
[29:42.350 --> 29:47.370]  Otherwise, any packet we send will get blocked and will get a deauthentication.
[29:48.090 --> 29:53.810]  Now, in order to authenticate the MAC address, fake authentication can be used.
[29:53.810 --> 30:04.770]  So, what happens in fake authentication is, we tell the access point that we can prove that we have the shared key, but we will not send the shared key yet.
[30:04.770 --> 30:14.650]  This way, the access point will add the MAC address of the attacker to the list of clients who can send packets to the access point.
[30:15.150 --> 30:22.670]  Now, since we have not sent the shared key to the access point, we cannot transmit data.
[30:22.690 --> 30:30.770]  However, we can capture the data from the legitimate client connected to the network and then replay those packets.
[30:30.770 --> 30:33.310]  Now, this is exactly what we are going to do.
[30:33.310 --> 30:42.490]  First, we will capture the ARP request sent by the already connected client, and then we will replay it to the access point.
[30:42.870 --> 30:51.470]  So, when the access point gets the ARP request, it will rebroadcast the ARP request with a new initialization vector.
[30:51.470 --> 31:01.670]  This way, we can continuously send ARP requests to the access point to get more and more ARP requests with new initialization vectors.
[31:02.050 --> 31:09.190]  Once we have enough initialization vectors, we can use aircrack-ng to crack the WEP key.
[31:09.190 --> 31:12.150]  So, now let's take a look at a demo.
[31:12.150 --> 31:16.350]  So, we will quickly select the server and solve the captcha.
[31:21.040 --> 31:25.540]  Then we will start the lab. It should take a couple of seconds for the lab to come up.
[31:26.940 --> 31:31.140]  The lab is now ready. Let's increase the size of the font.
[31:31.220 --> 31:34.480]  We will start testing the interfaces on the machine.
[31:34.480 --> 31:39.140]  So, we have two interfaces. One is wlan1 and another is wlan2.
[31:39.140 --> 31:45.200]  Both are in managed mode. So, we will set wlan0 into monitor mode.
[31:45.720 --> 31:48.280]  And we will check the list of interfaces again.
[31:48.780 --> 31:52.800]  So, now we can see wlan0 is in monitor mode.
[31:52.900 --> 31:56.760]  Now, let's check the networks which are present in the vicinity.
[31:56.980 --> 31:59.800]  We can do this with the help of aircrack-ng command.
[32:00.260 --> 32:07.140]  So, now as you can see, we have epic-media-proc, which is using WEP on channel 6.
[32:07.640 --> 32:14.720]  So, next, what we will do is we will start a capture in channel 6 and write these packets into capture file.
[32:14.720 --> 32:20.720]  Now, if we just keep sniffing, it could take a lot of time to get enough number of packets.
[32:20.780 --> 32:29.200]  So, what we are going to do is, we will start a replay attack in order to generate a larger number of packets.
[32:31.950 --> 32:35.530]  So, we will start our replay attack.
[32:35.910 --> 32:39.870]  And now we need around 10,000 data packets.
[32:41.690 --> 32:46.850]  Currently, we can see we have 83,132 and the number increased.
[32:46.910 --> 32:50.430]  So, now we have 10,000 data packets. We will stop the capture.
[32:50.750 --> 32:55.170]  And we will also stop attacking the access point.
[32:55.170 --> 33:00.090]  Now, we will use aircrack-ng command to crack the IP.
[33:00.230 --> 33:03.330]  We will have to mention which network we want to target.
[33:03.330 --> 33:09.130]  In this case, we have epic-media-proc, which is having the index of 4.
[33:09.130 --> 33:11.070]  So, we will enter 4 now.
[33:11.530 --> 33:13.750]  And then, we will start cracking.
[33:15.410 --> 33:17.730]  So, we were able to find the key.
[33:18.330 --> 33:21.670]  The key was 14332.
[33:26.840 --> 33:32.440]  So, guys, welcome back. I hope you enjoyed the WEP session.
[33:32.680 --> 33:36.020]  So, now we will talk about WPA2-PSK.
[33:36.020 --> 33:40.700]  This is the scheme that is widely used. You will find this at your home.
[33:40.700 --> 33:47.060]  And even in the smaller coffee shops or the restaurants or even the small offices.
[33:47.400 --> 33:51.680]  So, WPA2 came after WPA.
[33:51.680 --> 33:57.740]  WPA was a transitional scheme to move from WEP to WPA2.
[33:57.740 --> 34:03.020]  So, WPA2 uses dynamic keys unlike WEP.
[34:03.020 --> 34:08.840]  It uses the AES encryption standard in CCMP mode.
[34:08.840 --> 34:11.800]  And the protocol is still secure.
[34:11.800 --> 34:18.960]  It is prone to passphrase brute forcing or the dictionary attacks if your password is not strong.
[34:18.960 --> 34:22.680]  But apart from that, the scheme is still secure.
[34:22.680 --> 34:30.880]  There were the KRACK attacks that were discovered last year, which were for this specific scheme.
[34:30.880 --> 34:36.280]  But again, it is very important to understand that the problem was not in the scheme itself.
[34:36.280 --> 34:38.020]  It was in the implementation.
[34:38.020 --> 34:44.540]  So, the scheme, theoretically, if you choose a good strong password, it is good to go.
[34:44.540 --> 34:48.580]  But WPA2 also had its own shortcomings.
[34:48.580 --> 34:58.140]  It doesn't have forward secrecy, which means if I'm capturing all of your traffic today and if you're using WPA2-PSK,
[34:58.140 --> 35:06.720]  even if I don't have the password today, if I somehow manage to get the password two months after or two years after,
[35:06.720 --> 35:10.300]  I can still go back and decrypt all of your traffic.
[35:10.360 --> 35:14.340]  So, that is not good from security point of view.
[35:14.400 --> 35:17.140]  Similarly, there is no management frame protection.
[35:17.420 --> 35:26.500]  So, your receiver, when he receives a management frame, he doesn't have any way to tell that if it is coming from a real source
[35:26.500 --> 35:31.780]  or it is something which is sent by a hacker or a malicious user.
[35:31.780 --> 35:42.480]  And that's the reason why the deauthentication attacks, which are used widely for Wi-Fi DoS, the denial of service, work.
[35:42.480 --> 35:45.040]  So, you can read about deauthentication attacks.
[35:45.040 --> 35:46.300]  It's very common now.
[35:46.300 --> 35:48.920]  It's been used for quite some years now.
[35:49.180 --> 35:54.560]  And also, WPA2-PSK or personal is supposed to be personal.
[35:54.560 --> 35:57.400]  It is supposed to be used in a personal network.
[35:57.400 --> 36:07.980]  So, if you use it in a work environment or some place which you don't count as a personal space, it is also prone to insiders.
[36:08.140 --> 36:15.000]  So, if you have a malicious insider, he can actually see the traffic of all the people on that specific Wi-Fi.
[36:16.160 --> 36:21.420]  So, as we mentioned before, there are no static keys like WEP.
[36:21.420 --> 36:24.500]  So, idea is you generate a dynamic key.
[36:24.500 --> 36:28.680]  You use that to decrypt the traffic or encrypt the traffic.
[36:28.920 --> 36:33.600]  And then, you know, next time when you do this, you again generate the keys again.
[36:34.220 --> 36:42.220]  In saying it's very easy, but you need some way in which both the parties can have the keys.
[36:42.220 --> 36:45.480]  And then they can use them to encrypt and decrypt stuff.
[36:45.480 --> 36:48.040]  And obviously, this key needs to be the same, right?
[36:48.040 --> 36:50.680]  Because we are going to use the symmetric encryption.
[36:50.680 --> 36:51.800]  We have a lot of data.
[36:51.920 --> 36:56.540]  So, what we do in this case is we use something called PSK.
[36:56.540 --> 36:58.640]  That's where the PSK terms come.
[36:58.640 --> 37:00.060]  It's pre-shared key.
[37:00.060 --> 37:08.880]  So, you have a passphrase, which is, you know, between 8 to 63 letters long or characters long.
[37:08.880 --> 37:10.320]  And you use it.
[37:10.320 --> 37:12.860]  You feed it to PBKDF2.
[37:13.040 --> 37:15.420]  PBKDF2 is a function.
[37:15.420 --> 37:19.460]  It stands for password-based key derivation function.
[37:19.460 --> 37:24.680]  And it will actually give you a pre-shared key of 256 bit.
[37:24.800 --> 37:29.420]  The reason of doing this is passphrases are easier for human beings.
[37:29.420 --> 37:32.540]  Just like you have IP to domain mappings.
[37:32.540 --> 37:36.700]  Similarly, you can use passphrase to generate the pre-shared key.
[37:36.700 --> 37:43.220]  It's easier to remember something meaningful than, you know, than a chunk of random hex characters.
[37:44.000 --> 37:49.700]  So, when your access point is configured, it already knows the passphrase.
[37:49.700 --> 37:53.480]  When you connect to that network, you also know the passphrase.
[37:53.520 --> 37:54.980]  And that's how it works.
[37:54.980 --> 38:01.920]  So, both the parties, they can calculate the same PSK and then they can use it for connection.
[38:02.120 --> 38:09.620]  But again, as you can observe, PSK is not transient or not temporary in nature, right?
[38:09.620 --> 38:11.260]  It's not directly generated.
[38:11.260 --> 38:17.560]  You are converting it from the passphrase to the PSK, but that's not dynamic in nature, right?
[38:17.740 --> 38:21.860]  It will remain the same until you change the password, right?
[38:21.860 --> 38:29.880]  So, that's where we have to generate something else from this, which we refer to as the PTK.
[38:30.320 --> 38:34.560]  So, PMK is derived using this specific function here.
[38:34.560 --> 38:36.580]  You use PBKDF.
[38:36.580 --> 38:39.220]  You pass it the secret passphrase.
[38:39.240 --> 38:41.240]  You pass it the SSID name.
[38:41.860 --> 38:44.640]  And then the SSID name length.
[38:44.880 --> 38:48.680]  And then these numbers are there, which is 4096.
[38:48.680 --> 38:51.260]  It's the number of iteration that will happen.
[38:51.280 --> 38:56.500]  And then 256 is the intended key length for the PMK key that we are going to get.
[38:56.500 --> 39:01.260]  So, you can read more about PBKDF and all of this in RFC 2898.
[39:02.260 --> 39:09.100]  So, what will happen in WPA2 or even in WPA, we have this handshake.
[39:09.100 --> 39:10.740]  We call it four-way handshake.
[39:11.260 --> 39:21.040]  And this handshake is used to generate this specific temporary key that you use to pass the traffic on securely, obviously.
[39:21.460 --> 39:26.160]  So, when you have a client, it wants to connect to the access point.
[39:26.160 --> 39:28.560]  First of all, it will locate the access point.
[39:28.560 --> 39:30.760]  It will locate the Wi-Fi network.
[39:30.760 --> 39:38.140]  And after that, there are authentication and association messages, which are part of Wi-Fi protocol.
[39:38.140 --> 39:43.980]  But here, please don't confuse authentication with the thing that we are going to do now.
[39:44.140 --> 39:49.260]  So, it's more of a compatibility kind of thing rather than security.
[39:49.440 --> 39:52.460]  So, first four steps are pretty much the same.
[39:52.460 --> 39:57.080]  Your client, it will ask the AP that, hey, I want to connect.
[39:57.080 --> 39:59.360]  And your AP will say, okay, go ahead.
[39:59.380 --> 40:00.660]  So, this much is done.
[40:00.660 --> 40:04.080]  After this, both of them have pre-shared key.
[40:04.080 --> 40:06.700]  Why? Because both of them had passphrases.
[40:06.700 --> 40:11.100]  And when you have passphrases, you can derive PSK of 256-bit format.
[40:11.100 --> 40:13.720]  We just saw it in the previous slides.
[40:14.320 --> 40:17.620]  Now, your access point will send message 1.
[40:17.620 --> 40:18.780]  It's the first message.
[40:18.780 --> 40:19.880]  There are four messages.
[40:19.880 --> 40:21.940]  That's why it is four-way handshake.
[40:22.040 --> 40:28.340]  So, in first message, it will generate a random number or a random string.
[40:28.860 --> 40:30.780]  It will call it ANonce.
[40:30.820 --> 40:36.460]  And it will send it in a packet in plain text to the supplicant.
[40:36.700 --> 40:38.560]  Supplicant here is the client.
[40:38.560 --> 40:41.460]  Your mobile, laptop, you know, whatever it is.
[40:41.580 --> 40:45.620]  Now, what your client will do, it will take this ANonce,
[40:45.620 --> 40:51.080]  and it will also generate a random number or random string called SNonce.
[40:51.080 --> 40:54.860]  So, A here denotes the authenticator or the access point.
[40:54.980 --> 40:59.500]  S here denotes the supplicant or the station.
[40:59.940 --> 41:05.000]  So, when you have SNonce and ANonce, which are randomly generated,
[41:05.000 --> 41:10.020]  you can use this specific function here to generate the PTK.
[41:10.100 --> 41:13.840]  PTK is the Pairwise Transient Key.
[41:14.220 --> 41:18.020]  And as you can observe here, we passed PMK to it.
[41:18.020 --> 41:26.760]  PMK is nothing but a key that we derived using the passphrase and SSID and SSID name length.
[41:26.820 --> 41:30.020]  And then you have ANonce and SNonce.
[41:30.020 --> 41:33.800]  These are randomly generated by access point and the client.
[41:33.800 --> 41:38.380]  And then you have access point MAC and the client MAC.
[41:38.380 --> 41:44.240]  So, this is the information which is now used to generate a temporary key.
[41:44.300 --> 41:49.640]  This is temporary because ANonce and SNonce are randomly generated.
[41:50.980 --> 41:53.840]  So, now this happens.
[41:53.840 --> 41:56.660]  So, this guy can generate a PTK.
[41:56.660 --> 42:01.900]  Now, what it will do, it will send SNonce plus MIC.
[42:01.900 --> 42:06.960]  MIC or Michael is used to verify the integrity of a message.
[42:07.220 --> 42:08.740]  And it is signed by a key.
[42:08.740 --> 42:15.460]  So, in this case, the key that we have used, that we have generated, is used to sign this message.
[42:15.780 --> 42:19.640]  And again, ANonce and SNonce are in plain text.
[42:19.820 --> 42:22.200]  So, it will be sent to the access point.
[42:22.340 --> 42:24.680]  Now, access point has all the information.
[42:24.680 --> 42:26.580]  So, it will also generate PTK.
[42:26.660 --> 42:29.580]  So, what it will do, it will generate its PTK.
[42:29.580 --> 42:31.480]  It will check this MIC.
[42:31.480 --> 42:37.340]  And then it will generate MIC for this specific packet and match the MIC to MIC.
[42:37.620 --> 42:45.200]  Now, if this MIC matches, it means the PTK is same with the both parties.
[42:45.280 --> 42:49.740]  In that case, access point will go ahead, install the key for use.
[42:49.740 --> 42:55.240]  And it will also send a message to the client that, you know, this key is good.
[42:55.240 --> 42:56.820]  Please go ahead with it.
[42:56.820 --> 43:04.520]  And then client will also say, okay, I have installed the key and now we can use this key for encrypting the traffic.
[43:04.560 --> 43:06.100]  And then the encryption starts.
[43:06.540 --> 43:20.720]  Now, if suppose the access point, if it does not have the same PMK, you know, the passphrase is different for access point and the client, then the PTK will be different.
[43:20.720 --> 43:23.560]  Because, you know, it depends on PMK, right?
[43:23.560 --> 43:25.480]  Then the MIC check will fail.
[43:25.480 --> 43:29.480]  And in that case, access point will reject it and it will not connect.
[43:29.840 --> 43:34.960]  So this is how the authentication works in WPA four-way handshake.
[43:37.410 --> 43:41.150]  So again, to reiterate, you have the PF passphrase.
[43:41.150 --> 43:42.930]  You use PBKDF.
[43:42.930 --> 43:48.870]  You put it, you gave it SSID name, length, and you generated a pre-shared key.
[43:48.870 --> 43:50.910]  That is 256 bit in length.
[43:50.990 --> 43:55.070]  And then from four-way handshake, you get all of this information.
[43:55.210 --> 43:59.770]  You get SNonce, ANonce, because again, these are transmitted in plain text.
[43:59.770 --> 44:00.990]  There is no encryption.
[44:01.450 --> 44:05.890]  And then the AP MAC and client MAC are something that you can easily see.
[44:06.310 --> 44:08.510]  And from there, you will generate the PTK.
[44:08.510 --> 44:11.050]  You will use the PTK to encrypt the traffic.
[44:11.330 --> 44:22.110]  So now, from an attacker's angle, if you want to perform an attack, a dictionary attack to guess the PTK, how you will do it?
[44:22.110 --> 44:23.770]  You will take a dictionary.
[44:23.770 --> 44:28.210]  You will take one passphrase from dictionary at one time.
[44:28.450 --> 44:36.410]  And you will generate the PTK, because obviously, you also need to have this information, which will come from four-way handshake.
[44:36.410 --> 44:39.930]  Once you have this, you can generate the PTK.
[44:39.930 --> 44:45.430]  You have a packet from the real access point or client, which has the MIC.
[44:45.430 --> 44:47.230]  You will generate the MAC.
[44:47.230 --> 44:50.250]  You will generate the MIC.
[44:50.250 --> 44:52.590]  And then you will compare the MIC.
[44:52.590 --> 44:57.590]  If MIC is correct, then you have done it.
[44:57.590 --> 45:00.790]  You have got the right passphrase for it.
[45:00.790 --> 45:02.970]  So this is how the dictionary attack will work.
[45:03.530 --> 45:06.490]  Now, look at the information what we need, right?
[45:06.490 --> 45:11.690]  So all packets will have the AP and client MAC, because, you know, one is the sender, one is the receiver.
[45:12.470 --> 45:16.270]  ANonce is going in packet one and packet three.
[45:16.510 --> 45:19.350]  And SNonce is going in packet two.
[45:19.350 --> 45:28.190]  So now, what you can do here is, you can either take all four packets, or you can either take packet one or two.
[45:28.190 --> 45:33.650]  And you will have all the information that you need to crack WPA2-PSK.
[45:34.290 --> 45:37.670]  And again, deauthentication, we already talked about it.
[45:37.670 --> 45:42.090]  It's a packet that you send, you know, you spoof it.
[45:42.090 --> 45:46.910]  You send it to client from posing as, you know, access point.
[45:46.910 --> 45:50.810]  If you are sending it to access point, you will pose as, you know, one of the clients.
[45:50.910 --> 45:56.270]  And then you will tell the other party that, you know, I don't want to be connected to you anymore.
[45:56.930 --> 46:03.850]  So in that case, the other party will think that this message is being sent by the real party and, you know, it will disconnect.
[46:04.430 --> 46:13.430]  So this comes handy when you have access point connected with a client and you want this to move so that you can capture the four-way handshake.
[46:13.430 --> 46:19.790]  Because remember, four-way handshake will only take place when you are connecting to the device first time.
[46:19.810 --> 46:24.390]  When you are connecting to the access point, only then your client will do the four-way handshake.
[46:24.390 --> 46:27.910]  If it's already connected, there is no need to do the four-way handshake.
[46:28.010 --> 46:35.190]  So if we want to capture four-way handshake for our device, which is already connected, we have to do a deauthentication.
[46:37.050 --> 46:41.470]  So now it's the demo time. We will do this using the same lab.
[46:41.470 --> 46:48.230]  The principles are very simple. WPA-PSK is using a weak passphrase, which is present in our dictionary.
[46:48.510 --> 46:52.610]  We will capture the four-way handshake and then we will attack it.
[46:53.310 --> 46:55.530]  So let's move to the lab.
[46:57.290 --> 47:00.890]  So let's go to attacking WPA2-PSK.
[47:02.130 --> 47:05.510]  Again, you have to select a zone from here.
[47:07.470 --> 47:10.770]  Prove to this guy that you are not a robot, you are a human.
[47:12.410 --> 47:15.290]  And then start the lab and wait.
[47:15.690 --> 47:19.050]  And the lab is ready. We'll follow the same drill.
[47:19.310 --> 47:23.230]  First, let's check the Wi-Fi interface.
[47:23.250 --> 47:29.090]  There is a Wi-Fi interface in managed mode and its name is wlan0.
[47:29.530 --> 47:31.610]  We'll put it in monitor mode.
[47:32.050 --> 47:34.410]  Let's check if it is there.
[47:34.670 --> 47:36.650]  Yes, it is in monitor mode.
[47:36.650 --> 47:42.630]  Now let's run airodump-ng on wlan0.
[47:42.870 --> 47:53.610]  And here we can observe that this is the SSID protected network, which is using WPA2-PSK.
[47:53.910 --> 47:59.770]  So let's press Ctrl-C and move to the next step.
[48:01.840 --> 48:07.360]  SSID protected network is the one that we want to do the attack on.
[48:08.020 --> 48:13.680]  So for that, what we want to do is we need to capture the four-way handshake, right?
[48:13.980 --> 48:17.480]  So it is running on channel 4.
[48:17.480 --> 48:26.280]  So what we will do, we will run an airodump-ng packet capture on channel 4 using this command.
[48:27.200 --> 48:30.680]  And as you can observe, it is now doing that.
[48:33.770 --> 48:42.170]  If you wait for some time, it will also find the client that is attached to this specific machine.
[48:42.430 --> 48:45.730]  If you are not able to see it, don't worry.
[48:45.730 --> 48:51.750]  We will do a broadcast deauthentication on this BSSID and then also it will work.
[48:51.750 --> 49:00.310]  But, you know, as you can observe here, airodump-ng has found one client, that is, this client connected to this BSSID.
[49:00.310 --> 49:06.490]  Now, if you remember to capture the four-way handshake, we need to disconnect it, right?
[49:06.490 --> 49:10.330]  And for that, we are going to use deauthentication packet.
[49:10.970 --> 49:16.090]  And so we can launch it from the next tab, open a new tab.
[49:16.370 --> 49:26.950]  You can use the same wlan0 interface to do this because, you know, you have set wlan0 on channel 4 and you want to send this packet on channel 4 as well.
[49:26.950 --> 49:30.010]  So click on this.
[49:30.090 --> 49:40.910]  And you will see that aireplay-ng is sending deauthentication packets, 100 packets, to this specific BSSID.
[49:41.170 --> 49:44.970]  Let's do Ctrl-C because I think these are enough.
[49:45.770 --> 49:49.170]  And let's go back here.
[49:49.210 --> 49:55.930]  And now what happened when we did this is this guy here, it was disconnected.
[49:56.590 --> 50:01.510]  And then it reconnected once we stopped the deauthentication attack.
[50:01.510 --> 50:06.410]  And when it did that, we captured handshake for it.
[50:06.870 --> 50:08.850]  So now we have handshake.
[50:10.030 --> 50:13.530]  You can also, you know, run commands on it if you like to.
[50:14.730 --> 50:19.070]  So you can observe that we have the file, the capture file here.
[50:19.070 --> 50:23.610]  We also have this specific dictionary here, which we will use to crack it.
[50:23.610 --> 50:29.430]  So now we can go ahead and try to crack it.
[50:29.430 --> 50:38.750]  We'll use aircrack-ng with this dictionary, and test-01.cap is the capture file.
[50:38.750 --> 50:41.990]  So run it. Attack is running.
[50:42.010 --> 50:45.130]  And we have found the right key.
[50:45.450 --> 50:48.790]  So the right passphrase is Raspberry.
[50:49.190 --> 50:52.170]  So with that, this demo is done.
[50:52.170 --> 51:00.170]  This is how easy it is to attack it if you are using a weak passphrase.
[51:03.750 --> 51:09.470]  So after WPA2-PSK, now we will talk about WPA2-Enterprise.
[51:10.150 --> 51:16.010]  We already learned about the shortcomings of WPA2-Personal.
[51:16.030 --> 51:20.730]  These are not really shortcomings, but it was designed in such a way.
[51:20.730 --> 51:23.470]  It was designed for personal spaces.
[51:23.470 --> 51:31.510]  So it was assumed that whoever is using the network, you don't need to hide your information from them.
[51:32.130 --> 51:40.250]  So that's the reason why same password was there and all the other people on the network had the capability to decrypt your traffic.
[51:40.310 --> 51:47.670]  But if you want to use this for your enterprise or for your company, this is going to be a problem, right?
[51:47.670 --> 51:50.930]  Because first thing is this insider threat.
[51:50.930 --> 51:56.530]  And the second thing is it is difficult to maintain the credentials because everyone is using the same passphrase.
[51:56.530 --> 52:00.530]  Now, suppose if this passphrase gets leaked, you have to change it.
[52:00.530 --> 52:05.530]  You have to inform everybody and you have to keep doing this again and again, right?
[52:05.730 --> 52:11.590]  So for that, these people came up with WPA2-Enterprise.
[52:11.590 --> 52:19.930]  So in WPA2-Enterprise, instead of using a passphrase, a RADIUS server is used for authentication.
[52:20.330 --> 52:25.650]  So this RADIUS server will maintain the credential list for all the authorized users.
[52:25.650 --> 52:32.070]  And then users can use their username, passwords to authenticate with the Wi-Fi.
[52:32.910 --> 52:35.850]  So it looks like this.
[52:35.850 --> 52:42.030]  So you have your Wi-Fi client, that is, you know, a laptop or a PC.
[52:42.030 --> 52:46.550]  And then you have the access point which is connected to the RADIUS server.
[52:47.130 --> 52:50.530]  So this RADIUS server is the authentication backend here.
[52:53.240 --> 52:56.060]  And then this is the handshake flow.
[52:56.060 --> 53:00.040]  So four-way handshake will be there because, again, it's WPA.
[53:00.340 --> 53:07.180]  But in this case, because there is no passphrase, EAP will be used.
[53:07.800 --> 53:10.540]  EAP is Extended Authentication Protocol.
[53:10.900 --> 53:17.050]  So EAP will be used to do authentication with the authentication server, that is, the RADIUS server in the backend.
[53:17.700 --> 53:25.260]  So your client, after doing the connection ritual, it will send an EAPOL-Start, which is the first packet.
[53:25.380 --> 53:28.220]  And then access point will ask it for its identity.
[53:28.220 --> 53:33.540]  So, you know, if you're using credentials, the username will be the identity.
[53:33.540 --> 53:38.320]  And this username will be then forwarded to the authentication server.
[53:38.440 --> 53:46.980]  So after this, the access point, you know, will be in the path, but it's not really doing anything.
[53:46.980 --> 53:50.880]  Your client and the authentication server will exchange some packets.
[53:51.100 --> 54:01.260]  And once it is proved to the authentication server that this guy or this client is the real client, it will generate a PMK.
[54:01.260 --> 54:07.960]  It's randomly generated, and then it will send this PMK to the access point and to the client.
[54:08.280 --> 54:11.520]  So you can observe the difference from the PSK here.
[54:11.520 --> 54:17.240]  It is not being generated from the passphrase that was known to both parties.
[54:17.680 --> 54:26.080]  And after, you know, you have PMK on both the parties, you will do the same four-way handshake and then, you know, data transfer will continue.
[54:26.080 --> 54:33.600]  Now, the scheme that we are going to talk about in this demo is PEAP-MSCHAPv2.
[54:33.600 --> 54:38.120]  So PEAP stands for Protected Extensible Authentication Protocol.
[54:38.180 --> 54:52.920]  It is known as protected or it is being referred as protected because all the EAP packets that will be exchanged between your client and your authentication server will go through a TLS tunnel.
[54:52.920 --> 54:57.300]  So even access point cannot look into it, right, what it is sending.
[54:57.740 --> 55:06.880]  And then MSCHAP, MS obviously stands for Microsoft, and then CHAP is Challenge Handshake Authentication Protocol.
[55:07.020 --> 55:16.060]  So it's a challenge response authentication protocol where one party will send a challenge and then the other party will send response and then, you know, they'll verify each other.
[55:16.140 --> 55:17.400]  So it's like that.
[55:17.400 --> 55:24.000]  So the user account credentials, the password and the username will be used.
[55:24.000 --> 55:32.360]  A TLS certificate will be used to create the tunnel and to make sure that the client is connecting to the correct authentication server.
[55:34.650 --> 55:37.450]  So this is how it looks.
[55:38.270 --> 55:47.610]  So till here, you can see that the request identity is asked by the RADIUS server or the access point, and then the username is provided.
[55:47.610 --> 55:52.250]  After that, it requests the PEAP. The RADIUS server is initiating PEAP.
[55:52.250 --> 55:55.270]  And then a TLS tunnel will be set up.
[55:55.270 --> 55:59.450]  So this certificate will be sent by the authentication server to the client.
[55:59.490 --> 56:05.590]  And the client, if it accepts it, after that, it will do the MSCHAP challenge.
[56:05.590 --> 56:08.850]  So the challenge will be sent by the RADIUS server.
[56:09.250 --> 56:14.530]  Your client is supposed to provide a response and send it to the RADIUS server.
[56:14.530 --> 56:22.990]  The RADIUS server will check it. If it is good, then EAP success will be conveyed and the PMK will be shared with the station.
[56:23.370 --> 56:34.130]  And on the same time, it will also share the PMK with the access point because PTK is the key that will be generated by the station and the access point.
[56:34.130 --> 56:36.270]  So RADIUS has nothing to do there.
[56:37.930 --> 56:41.610]  So now if you want to attack it, what are the ways?
[56:41.850 --> 56:53.690]  So what you can do is, instead of making the client connect to the real access point, you can create your own honeypot or fake access point or evil twin.
[56:54.070 --> 57:00.590]  And when the client will connect to it, obviously, because you don't have access to the real RADIUS server.
[57:00.590 --> 57:05.390]  Because if you had that, you could have taken credentials from there, right? You don't have that.
[57:05.550 --> 57:09.350]  So what you will do, you will emulate a fake RADIUS server.
[57:09.850 --> 57:16.790]  Which will say yes to all the credentials, right? And then here you are relying on the client that it will provide the real credentials.
[57:17.170 --> 57:22.470]  But before that, there is a problem with EAP, right? Because there is a TLS tunnel.
[57:22.470 --> 57:31.210]  And because the certificate that your fake access point or fake RADIUS will send, it will not match the real certificate.
[57:31.210 --> 57:38.850]  So your client will actually get a warning that this certificate doesn't match or we don't know this certificate.
[57:38.850 --> 57:51.110]  So at that point, if your client or if your user, he accepts this fake certificate, a non-real certificate, then you are in a problem.
[57:51.110 --> 57:54.330]  If you don't do this, then you are again safe.
[57:54.470 --> 58:00.970]  So you can say that this attack is a combination of technical as well as social engineering angles, right?
[58:01.090 --> 58:09.270]  So we are going to do this attack, but to keep it simple, what we will do instead of creating an evil twin, we will create a honeypot.
[58:09.270 --> 58:14.630]  So you don't have to do the deauth and all those things.
[58:15.810 --> 58:19.590]  So for that, we are going to use the hostapd-mana toolkit.
[58:19.690 --> 58:23.950]  So it's a tool which can be used to create the rogue access point.
[58:25.030 --> 58:34.050]  It is generally used mainly for the enterprise networks because, you know, it will keep the hassle of creating a RADIUS and all, you know, away from you.
[58:34.050 --> 58:39.850]  You can directly go, you can fire three or four commands and, you know, you are good to go. You are good to do attack.
[58:41.590 --> 58:43.870]  So let's go for the demo now.
[58:44.630 --> 58:49.510]  So here, go for the attacking WPA2 enterprise.
[58:50.150 --> 58:56.130]  Same drill. You have to select the server. You have to prove that you are a human.
[58:56.770 --> 59:00.770]  And you might have to solve this, a reCAPTCHA.
[59:05.420 --> 59:07.640]  So now the lab is ready.
[59:08.360 --> 59:13.100]  So let's see what interfaces are there on the lab.
[59:13.220 --> 59:18.360]  So here we can observe that there are two interfaces, wlan0 and wlan1.
[59:18.400 --> 59:22.580]  Let's put wlan0 into monitor mode.
[59:22.960 --> 59:25.580]  And let's run airodump-ng on it.
[59:26.880 --> 59:35.200]  So what we can observe here is there is a client which is looking for AMAZE_LLC.
[59:35.620 --> 59:41.720]  So if we go to next step, we will see that the challenge is regarding this only.
[59:41.720 --> 59:45.140]  A client is probing for AMAZE_LLC.
[59:45.140 --> 59:51.340]  We have to create a honeypot and then we have to steal the credential for it.
[59:51.340 --> 59:55.700]  And this guy is using PEAP-MSCHAPv2.
[59:57.240 --> 01:00:00.280]  So let's do a Ctrl-C here.
[01:00:01.080 --> 01:00:05.080]  We will also need the fake certificates as we talked about before.
[01:00:05.820 --> 01:00:10.500]  And there you go. We have provided you all the things that you need for this.
[01:00:10.500 --> 01:00:12.920]  If you scroll down.
[01:00:13.500 --> 01:00:19.540]  You will also see the configuration for hostapd-mana.
[01:00:20.160 --> 01:00:22.520]  So what you have to do here is.
[01:00:22.520 --> 01:00:25.760]  First, you have to create this file.
[01:00:26.580 --> 01:00:28.800]  So I'm using vim.
[01:00:29.140 --> 01:00:34.660]  vim is available in most environments, so you can use that.
[01:00:36.220 --> 01:00:38.660]  And let's copy this.
[01:00:39.460 --> 01:00:40.920]  And paste it here.
[01:00:43.640 --> 01:00:46.540]  And you have to format it.
[01:00:46.540 --> 01:00:50.640]  You have to make sure that everything is in separate lines.
[01:00:50.640 --> 01:00:52.100]  Let me do that.
[01:00:52.100 --> 01:00:54.720]  So now I have done the formatting for this file.
[01:00:54.720 --> 01:00:57.020]  Let's go over the configuration file.
[01:00:57.240 --> 01:00:58.920]  So first is the interface.
[01:00:58.920 --> 01:01:00.900]  We are using wlan1.
[01:01:02.200 --> 01:01:04.000]  SSID is mentioned.
[01:01:04.000 --> 01:01:08.020]  We want to host a honeypot with AMAZE_LLC.
[01:01:08.660 --> 01:01:10.980]  And you can choose channel as per your liking.
[01:01:10.980 --> 01:01:12.880]  I have chosen 6 here.
[01:01:13.560 --> 01:01:17.840]  Hardware mode is g, which indicates 802.11g.
[01:01:18.580 --> 01:01:22.960]  And then wpa=3 means WPA2.
[01:01:23.680 --> 01:01:28.520]  And here we are using management TKIP.
[01:01:28.960 --> 01:01:30.600]  Here you can put CCMP.
[01:01:30.600 --> 01:01:31.980]  You can put something else.
[01:01:32.520 --> 01:01:35.140]  So yeah, there's a mistake.
[01:01:36.030 --> 01:01:43.340]  When you put TKIP CCMP, which means you support both WPA and WPA2-PSK.
[01:01:44.400 --> 01:01:49.020]  And then, you know, for 1X, 1X is the EAP.
[01:01:49.020 --> 01:01:54.000]  And you're also hosting a fake backend server.
[01:01:54.000 --> 01:02:02.450]  And for that, we'll provide a special configuration in this file, which can then be used by our hostapd-mana.
[01:02:02.450 --> 01:02:06.570]  And here you can observe the certificate, the key.
[01:02:06.590 --> 01:02:16.990]  All of that is provided so that when the tunnel forms, you know, the setup can get the information and then show us what it is.
[01:02:18.030 --> 01:02:28.210]  mana_eapsuccess actually signifies that it doesn't matter what kind of credentials the user provides, we will always tell him that these are the correct ones.
[01:02:28.690 --> 01:02:30.730]  So this file is done.
[01:02:30.730 --> 01:02:33.030]  Let's create the second file.
[01:02:36.920 --> 01:02:43.640]  Let's move a little low and copy it from here.
[01:02:46.030 --> 01:02:47.330]  Paste it.
[01:02:49.230 --> 01:02:58.310]  So to know more details about these configurations, I'll suggest you visit hostapd-mana's GitHub page.
[01:02:58.490 --> 01:03:01.430]  The link to the documentation is also given here.
[01:03:01.430 --> 01:03:02.490]  So check that out.
[01:03:02.490 --> 01:03:04.630]  You will be able to understand these better.
[01:03:05.090 --> 01:03:14.290]  So this configuration will make sure that it doesn't matter what kind of scheme or what kind of method your EAP is using.
[01:03:14.290 --> 01:03:23.250]  It will support it, even if it is PEAP or TTLS or TLS, or even if it is using MSCHAP or GTC or something inside.
[01:03:23.250 --> 01:03:25.070]  So all of that will be supported.
[01:03:25.070 --> 01:03:27.430]  So it's a catch all kind of thing.
[01:03:28.160 --> 01:03:37.520]  So once it is done, we can move forward and we can launch this to start our honeypot.
[01:03:37.990 --> 01:03:48.470]  So what we can observe here is on interface wlan1, we have created an AMAZE_LLC SSID.
[01:03:51.090 --> 01:04:00.230]  Here, what we are observing is a client which was roaming has tried to connect to this, you know, access point.
[01:04:00.470 --> 01:04:06.250]  And in that process, we are able to see the information that it was passing.
[01:04:06.250 --> 01:04:09.650]  So if you remember, we talked about CHAP, right?
[01:04:09.650 --> 01:04:11.190]  The challenge response.
[01:04:11.190 --> 01:04:20.030]  So here, hostapd-mana is actually giving us the challenge and the response so that we can crack it.
[01:04:20.030 --> 01:04:22.670]  And the username here is Sean.
[01:04:23.010 --> 01:04:28.670]  So this is the command that we need to use with asleap to crack it.
[01:04:29.270 --> 01:04:33.990]  So if we move down, we have actually written this command for you.
[01:04:34.110 --> 01:04:36.350]  Let's clear the screen a little bit.
[01:04:36.790 --> 01:04:39.330]  And let's run this command.
[01:04:40.110 --> 01:04:49.930]  So what we did here is because we had the challenge and the response captured, we used a dictionary file that is given here.
[01:04:49.930 --> 01:04:54.150]  And from that, we recovered the password for it.
[01:04:54.150 --> 01:04:57.230]  The password is chocolate in this case.
[01:04:57.230 --> 01:05:10.050]  So this is how, using a honeypot, you can attack enterprise networks, WPA2 Enterprise in this case, which was using PEAP-MSCHAPv2.
[01:05:10.690 --> 01:05:15.270]  The attack will work similarly for the other schemes as well.
[01:05:16.010 --> 01:05:19.890]  So with this, we are going to conclude this workshop.
[01:05:19.890 --> 01:05:25.910]  I hope you learned about the basics of Wi-Fi and schemes and how to attack them.
[01:05:25.910 --> 01:05:32.430]  And if you face these in real world or in a CTF somewhere, you will be able to solve it.
[01:05:32.630 --> 01:05:39.150]  So with that, thanks again for attending our workshop in Wireless Village.
[01:05:39.150 --> 01:05:47.870]  We also thank Wireless Village and the DEF CON team for making all of this possible in this tough time.
[01:05:47.970 --> 01:05:50.910]  It doesn't matter how bad it is.
[01:05:50.910 --> 01:05:52.590]  The learning should continue.
[01:05:52.590 --> 01:05:55.070]  And with that, I'll say thanks.
[01:05:55.070 --> 01:06:01.170]  If you have any follow-up questions, any comments, any feedback, here's my email ID.
[01:06:01.170 --> 01:06:04.890]  You can drop me a mail and I'll try to help you out.
[01:06:04.970 --> 01:06:06.030]  Thank you.
